
[JSA/STRM/SRX] Example: How to forward structured, system syslog messages from SRX to JSA


Article ID: KB29539  KB Last Updated: 01 Feb 2021  Version: 3.0
Summary:

This article contains a basic example configuration on an SRX device to send structured, control plane syslog events to a Juniper Secure Analytics (JSA) appliance.

 

Symptoms:

Configure system log messages to be sent to a JSA appliance.

 

Solution:

The following example shows how to configure the SRX device to forward all system (control plane) logs to a JSA device (10.10.10.1).

Configuration Example:

root@srx# set system syslog host 10.10.10.1 any any
root@srx# set system syslog host 10.10.10.1 port 514
root@srx# set system syslog host 10.10.10.1 structured-data

  1. Set the syslog host to the IP address of the JSA, and set the log facility and severity level to "any any".

  2. Set the destination port on which the JSA is configured to receive the logs.

  3. Configure the logs as structured (structured-data). This is required for JSA to be able to recognize the logs.

To summarize the commands:

set system syslog host 10.10.10.1 any any
set system syslog host 10.10.10.1 port 514
set system syslog host 10.10.10.1 structured-data
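
A collector-side check for step 3, as an added example that is not part of the original article: it parses received lines in the RFC 5424 layout that Junos structured-data output follows and flags any that arrive in the default unstructured format. The sample lines (including the SD-ID `junos@2636.1.1.1.2.18`) are constructed, and `parse_structured` and `unstructured_lines` are hypothetical names.

```python
import re

# <PRI>1 TIMESTAMP HOST APP PROCID MSGID [SD-ID params] MSG  (RFC 5424 layout)
HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) '
    r'(?:-|\[(?P<sd_id>[^\s\]=]+)(?P<sd_body>(?:[^\]\\]|\\.)*)\])'
    r'(?: (?P<msg>.*))?$'
)
# name="value"; inside a value the characters ", \ and ] are backslash-escaped
PARAM = re.compile(r'(\S+?)="((?:[^"\\]|\\.)*)"')

# Constructed sample lines (not captured from a device); the SD-ID is illustrative.
SAMPLES = [
    "<165>1 2021-02-01T09:17:15.719Z srx mgd 3046 UI_DBASE_LOGOUT_EVENT "
    "[junos@2636.1.1.1.2.18 username=\"admin\"] User 'admin' exiting configuration mode",
    "Feb  1 09:17:15 srx mgd[3046]: UI_DBASE_LOGOUT_EVENT: "
    "User 'admin' exiting configuration mode",
]


def parse_structured(line):
    """Return the parsed fields of a structured message, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m or int(m.group("pri")) > 191:   # highest valid PRI is 23*8 + 7
        return None
    pri = int(m.group("pri"))
    params = {name: re.sub(r'\\(["\\\]])', r'\1', value)
              for name, value in PARAM.findall(m.group("sd_body") or "")}
    return {
        "facility": pri >> 3, "severity": pri & 7,
        "host": m.group("host"), "app": m.group("app"),
        "msgid": m.group("msgid"), "sd_id": m.group("sd_id"),
        "params": params, "msg": m.group("msg") or "",
    }


def unstructured_lines(lines):
    """Lines a collector would receive if structured-data were not in effect."""
    return [line for line in lines if parse_structured(line) is None]


if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_structured(line) or "NOT STRUCTURED: " + line)
```

Running `unstructured_lines` over a capture taken on the collector returns the lines that did not arrive in structured form; an empty result means every line parsed.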

Important:  If you are also configuring traffic logs, it is recommended that you configure traffic logs using stream mode to avoid high CPU on the RE (Routing Engine). For an example of how to send traffic logs from the SRX device to JSA, refer to KB16224 - [Includes video] How to forward traffic logs from an SRX device to JSA/STRM.

View SRX logs on JSA devices

To view the logs, use a browser and log in to the JSA WebUI. Click the Log Activity tab. Then select "Real Time (streaming)" from the "Viewing real time flows" drop-down menu.

 

Modification History:

2021-02-01: Minor changes made for clarity and products regrouped

 
